Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:22.02.2008
Source:
SecurityVulns ID:8711
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS.
Affected:XOOPS : xoops 2.0
 PUNBB : PunBB 1.2
 AERIES : Aeries Browser Interface 3.8
 AERIES : aeries browser interface 3.7
 OSSIM : Open Source Security Information Management 0.9
Original documentdocumenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_cms) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_asortyment)katid (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module prayerlist SQL Injection(cid) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_most)secid (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_mygallery) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Module Downloads SQL Injection(sid) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke genaral print SQL Injection(id) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Module Dossiers Injection(did) (22.02.2008)
 documentmarcin.kopec_(at)_hotmail.com, SQL-injection, XSS in OSSIM (Open Source Security Information Management) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Siir SQL Injection(id) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module tinyevent-print SQL Injection(id) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_idvnews) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Module BenchmarkNewsInjection(sid) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_joomlavvz) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_referenzen) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Module Classifieds SQL Injection(Details) (22.02.2008)
 documenthackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_asortyment)katid (22.02.2008)
 documentadmin_(at)_arsalank.com, aeries browser interface(ABI) 3.8.2.8 Remote SQL Injection (22.02.2008)
 documentadmin_(at)_arsalank.com, aeries browser interface(ABI) 3.7.2.2 Remote SQL Injection (22.02.2008)
 documentadmin_(at)_arsalank.com, aeries browser interface(ABI) 3.8.2.8 XSS (22.02.2008)
 documentStefan Esser, Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability (22.02.2008)
 documentf10_(at)_by-f10.com, Xoops-2.0.16 Remote File Inclusion (22.02.2008)

EMC Replistor multiple security vulnerabilities
Published:22.02.2008
Source:
SecurityVulns ID:8712
Type:remote
Threat Level:
5/10
Description:Multiple security vulnerabilities on TCP/7144 and TCP/7145 traffic parsing.
Affected:EMC : RepliStor 6.2
CVE:CVE-2008-6426 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6426. Reason: This candidate is a duplicate of CVE-2007-6426. Notes: All CVE users should reference CVE-2007-6426 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2007-6426
Original documentdocumentIDEFENSE, iDefense Security Advisory 02.19.08: EMC RepliStor Multiple Heap Overflow Vulnerabilities (22.02.2008)

Sybase MobiLink buffer overflows
Published:22.02.2008
Source:
SecurityVulns ID:8713
Type:remote
Threat Level:
5/10
Description:Multiple buffer overflows during authentication.
Affected:SYBASE : MobiLink 10,0
Original documentdocumentLuigi Auriemma, Heap overflow in Sybase MobiLink 10.0.1.3629 (22.02.2008)

splitvt privilege escalation
Published:22.02.2008
Source:
SecurityVulns ID:8714
Type:remote
Threat Level:
5/10
Description:Group privileges are not dropped on external application execution.
Affected:SPLITVT : splitvt 1.6
CVE:CVE-2008-0162
Original documentdocumentDEBIAN, [SECURITY] [DSA 1500-1] New splitvt packages fix privilege escalation (22.02.2008)

ZyXel Prestige routers multiple security vulnerabilities
Published:22.02.2008
Source:
SecurityVulns ID:8716
Type:remote
Threat Level:
6/10
Description:Crossite scripting, crossite request spoofing, privilege escalation, unauthorized SNMP access, information leak.
Affected:ZYXEL : ZyXel P-660H-D1
 ZYXEL : ZyXel P-660H-D3
 ZYXEL : ZyXel P-660HW-D1
 ZYXEL : ZyXel P-661HW-D1
Original documentdocumentProCheckUp Research, ZyXEL Gateways Vulnerability Research: http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf (22.02.2008)
Files:ZyXel gateways vulnerability research

Symantec VERITAS Storage Foundation multiple security vulnerabilities
updated since 22.02.2008
Published:15.08.2008
Source:
SecurityVulns ID:8715
Type:remote
Threat Level:
6/10
Description:DoS on TCP/4888 request parsing, buffer overflow on UDP/3207 parsing.
Affected:SYMANTEC : Veritas Storage Foundation 5.0
CVE:CVE-2008-0638
 CVE-2007-4516
Original documentdocumentZDI, ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability (15.08.2008)
 documentSYMANTEC, SYM08-015_SFW_SecurityUpdateBypass (15.08.2008)
 documentIDEFENSE, iDefense Security Advisory 02.20.08: Symantec Veritas Storage Foundation Scheduler Service DoS Vulnerability (22.02.2008)
 documentZDI, ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability (22.02.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod